Haack's Wiki

User Tools

Site Tools

Trace:
computing:miscadmin

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
computing:miscadmin [2021/04/02 20:31] oemb1905computing:miscadmin [2024/12/07 19:48] (current) oemb1905
Line 1: Line 1:
- 
 ------------------------------------------- -------------------------------------------
   * **miscadmin**    * **miscadmin** 
Line 229: Line 228:
   cat /var/log/auth.log | grep 'sshd.*Invalid'   cat /var/log/auth.log | grep 'sshd.*Invalid'
   cat /var/log/auth.log | grep 'sshd.*opened'   cat /var/log/auth.log | grep 'sshd.*opened'
 +  
 +-checking disk space-
 +
 +  du -ch -d 1 | sort -hr
 +
 +-check disk space with ncurses tool-
 +
 +  sudo apt install ncdu
 +  ncdu
 +  
 +-stop/start sleep of any form on servers-
 +
 +  sudo systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target
 +  sudo systemctl unmask sleep.target suspend.target hibernate.target hybrid-sleep.target
 +  
 +-xorg with ssh
 +
 +  touch /root/.Xauthority 
 +  touch /home/user/.Xauthority
 +  
 +-batch convert with ffmpeg to mp4 from mkv
 +
 +  for i in *.mkv; do
 +  ffmpeg -i "$i" -codec copy "${i%.*}.mp4"
 +  done
 +
 +-fix badly configured zpool that used short names to by-id names. This command can be entered as-is, and does not need to be adjusted at all for what your specific ids are or for multiple drives. It literally exports the short names and by-ids, unmounts the volumes/pool, then remakes it using the blkid.
 +
 +  zpool export tank 
 +  zpool import -d /dev/disk/by-id tank
 +  
 +monitor ram usage every 3 seconds in human readable way
 +
 +  free -h -w -s 3
 +  
 +postfix to relay, satellite option, enter the relay like this:  to prevent lookups
 +  
 +  [smtp.smtpserver.com]:587
 +  
 +Re-attach to screen session that's attached.
 +
 +  screen -d -r <session#.user>
 +  
 +mysqldump to local from remote
 +
 +  ssh root@hub.haacksnetworking.org /usr/bin/mysqldump --all-databases --single-transaction --skip-comments --skip-dump-date > hknet.sqldump
 +  
 +Turn off sleep.
 +
 +  sudo systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target
 +  
 +Amd gPU errors fix
 +  
 +  mkdir ~/Repositories
 +  cd /home/user/Repositories && git clone https://kernel.googlesource.com/pub/scm/linux/kernel/git/firmware/linux-firmware.git
 +  sudo cp /home/user/Repositories/linux-firmware/amdgpu/* /lib/firmware/amdgpu && sudo update-initramfs -k all -u -v
 +  
 +Unattended Upgrades
 +
 +  sudo apt install unattended-upgrades
 +  sudo apt install apt-config-auto-update
 +  sudo unattended-upgrades --dry-run --debug
 +  sudo systemctl status unattended-upgrades
 +
 +Next ... ssh failed attempts
 +
 +  grep "Failed password" /var/log/auth.log
 +  journalctl _SYSTEMD_UNIT=ssh.service | egrep "Failed|Failure"
 +  faillock --user <user>
 +  grep "authentication failure" /var/log/auth.log | awk '{ print $14 }' | cut -b7-  | sort | uniq -c
 +
 +Display Managers (Lightdm, etc.)
 +
 +  sudo nano /etc/lightdm/lightdm-gtk-greeter.conf
 +  [SeatDefaults]
 +  allow-guest=false
 +  greeter-hide-users=true
 +  nano ~/.config/gtk-3.0/settings.ini
 +  [Settings]
 +  gtk-application-prefer-dark-theme=1
 +  sudo nano /etc/lightdm/lightdm.conf
 +  cd /usr/share/lightdm/light.conf.d/
 +  
 +Setting ufw to allow connections to only certain subnets.
 +
 +  ufw allow from 10.16.16.0/24 to any proto tcp port 8006
 +  ufw allow from 10.36.36.0/24 to any proto tcp port 8006
 +  ufw allow from 10.16.16.0/24 to any proto tcp port 22
 +  ufw allow from 10.36.36.0/24 to any proto tcp port 22
 +  ufw allow from 10.16.16.0/24 to any proto tcp port 80
 +  ufw allow from 10.36.36.0/24 to any proto tcp port 80
 +  ufw allow from 10.16.16.0/24 to any proto tcp port 443
 +  ufw allow from 10.36.36.0/24 to any proto tcp port 443
 +
 +Establish NIC name using mac:ID
 +
 +  nano /etc/udev/rules.d/70-persistent-net.rules
 +  SUBSYSTEM=="net",ACTION=="add",ATTR{address}=="00:00:00:00:00:00",ATTR{type}=="1",NAME="eth100"
 +  
 +Establish Nemo as default, remove desktop icons, verify nemo default
 +
 +  xdg-mime default nemo.desktop inode/directory application/x-gnome-saved-search
 +  gsettings set org.gnome.desktop.background show-desktop-icons false
 +  xdg-mime query default inode/directory
 +  
 +Sury php
 +
 +  sudo apt install -y apt-transport-https lsb-release ca-certificates wget
 +  wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
 +  echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/php.list 
 +  
 +Static ipv6 in ifupdown
 +
 +  iface enp0s3 inet6 static
 +    address 2001:db8:1000::1
 +    netmask 64
 +    gateway 2001:db8:1000::1
 +    autoconf 0
 +    dns-nameservers 2001:4860:4860::8888 2001:4860:4860::8844
 +    
 +Assigning an interface a persistent name so that bridging and static ifupdown assignments don't fail on reboot.
 +
 +  sudo nano /etc/udev/rules.d/70-persistent-net.rules
 +  SUBSYSTEM=="net",ACTION=="add",ATTR{address}=="29:af:2c:34:g7:11",ATTR{type}=="1",NAME="eth100"
 +  
 +Convert pdf to Word
 +
 +  libreoffice --infilter="writer_pdf_import" --convert-to docx Terms-Of-Service.pdf
 +  
 +Instruct a client to ignore the DNS server offers made by the router on Debian. 
 +
 +  sudo nano /etc/dhcp/dhclient.conf
 +
 +In that file, find the section that begins with ''request subnet-mask'' and remove domain-name-servers from it.
 +
 +  request subnet-mask, broadcast-address, time-offset, routers,
 +    domain-name, __domain-name-servers__, domain-search, host-name,
 +    dhcp6.name-servers, dhcp6.domain-search, dhcp6.fqdn, dhcp6.sntp-servers,
 +    netbios-name-servers, netbios-scope, interface-mtu,
 +    rfc3442-classless-static-routes, ntp-servers;
 +
 +After that's removed, find the section that begins with ''prepend domain-name-servers 127.0.0.1;'' and change it as you see fit:
 +
 +  prepend domain-name-servers 192.168.1.20;
 +  prepend domain-name-servers 192.168.1.21;
 +  sudo systemctl restart networking
 +  
 +After you restart networking, run ''cat /etc/resolv.conf'' and make sure the DNS is what you desired. In order to test whether there are DNS leaks, use tcpdump and adjust port to 53, 5335, 853, etc.
 +
 +  tcpdump -vv -x -X -s 1500 -i eth0 'port 853'
 +
 +In order to set a policy on Chrome to stop DOT, or DNS over TLS/https, do the following:
 +
 +  sudo nano /etc/opt/chrome/policies/managed/policies.json
 +  {
 +  "BrowserGuestModeEnabled": false,
 +  "BrowserAddPersonEnabled": false,
 +  "IncognitoModeAvailability": 1,
 +  "DnsOverHttpsMode": false,
 +  "ExtensionSettings": {"*": {"installation_mode": "blocked"}}
 +  }
 +
 +Running Debian testing/unstable and your zfs modules suddenly won't load after a reboot and upgrade, well do the following:
 +
 +  sudo apt-get install linux-headers-$(uname -r)
 +
 +Alright ....
  
- --- //[[oemb1905@jonathanhaack.com|oemb1905]] 2019/11/02 20:56//+ --- //[[webmaster@haacksnetworking.org|oemb1905]] 2024/12/07 19:48//
computing/miscadmin.1617395517.txt.gz · Last modified: 2021/04/02 20:31 by oemb1905

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
GNU Free Documentation License 1.3 Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki